JadePuffer: the first ransomware attack with nobody at the keyboard
What happened
Sysdig’s threat research team documented what it believes is the first complete ransomware operation driven end-to-end by an AI agent. The attack, dubbed JadePuffer, ran the whole playbook autonomously: reconnaissance, exploiting a known vulnerability (CVE-2025-3248), credential theft, lateral movement, persistence, privilege escalation, encryption, and finally dropping the ransom note. No human operator in the loop.
Two details stand out. First, the agent adapted on the fly — in one case going from a failed login to a working fix in 31 seconds. Second, the malware essentially confessed to being AI-written: its payloads were “self-narrating,” full of natural-language reasoning and tidy code annotations that human attackers rarely bother with but LLMs produce reflexively.
Why it matters
The Five Eyes intelligence alliance warned just weeks ago that frontier AI would “fundamentally transform both offensive and defensive cyber capabilities,” and that the timeline was months, not years. It turned out to be weeks. Autonomous attack chains change the economics of cybercrime: one operator can now launch attacks at machine speed and machine scale, retrying failures faster than any human red team.
The defensive implication is just as blunt. If attacks adapt in 31 seconds, defense that depends on a human reading an alert queue is structurally too slow. Expect the “AI agents defending against AI agents” pitch decks to arrive at a security conference near you, roughly immediately.
The wry bit
The first fully autonomous ransomware was caught partly because it wrote beautifully commented, well-documented code. Decades of engineering managers begging for readable code, and the lesson finally landed — on malware. There’s probably a docstring in there explaining the ransom note’s tone of voice.